Java Code Examples for org.apache.wss4j.common.crypto.Crypto#verifyTrust()

The following examples show how to use org.apache.wss4j.common.crypto.Crypto#verifyTrust().
Example 1
Source File: FedizSignatureTrustValidator.java    From cxf-fediz with Apache License 2.0
/**
 * Evaluate whether the given certificate chain should be trusted.
 *
 * @param certificates the certificate chain that should be validated against the keystore
 * @param crypto A Crypto instance
 * @param data A RequestData instance
 * @param enableRevocation Whether revocation is enabled or not
 * @throws WSSecurityException if the certificate chain is not trusted
 */
protected void verifyTrustInCerts(
    X509Certificate[] certificates,
    Crypto crypto,
    RequestData data,
    boolean enableRevocation
) throws WSSecurityException {
    //
    // Use the validation method from the crypto to check whether the subjects'
    // certificate was really signed by the issuer stated in the certificate
    //
    crypto.verifyTrust(certificates, enableRevocation, null, null);
    String subjectString = certificates[0].getSubjectX500Principal().getName();
    LOG.debug(
        "Certificate path has been verified for certificate with subject {}", subjectString
    );
}
 
Example 2
Source File: AbstractBindingBuilder.java    From cxf with Apache License 2.0
public Crypto getEncryptionCrypto() throws WSSecurityException {
    Crypto crypto =
        getCrypto(SecurityConstants.ENCRYPT_CRYPTO, SecurityConstants.ENCRYPT_PROPERTIES);
    boolean enableRevocation = false;
    String enableRevStr =
        (String)SecurityUtils.getSecurityPropertyValue(SecurityConstants.ENABLE_REVOCATION, message);
    if (enableRevStr != null) {
        enableRevocation = Boolean.parseBoolean(enableRevStr);
    }
    if (enableRevocation && crypto != null) {
        CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ALIAS);
        String encrUser =
            (String)SecurityUtils.getSecurityPropertyValue(SecurityConstants.ENCRYPT_USERNAME, message);
        if (encrUser == null) {
            try {
                encrUser = crypto.getDefaultX509Identifier();
            } catch (WSSecurityException e1) {
                throw new Fault(e1);
            }
        }
        cryptoType.setAlias(encrUser);
        X509Certificate[] certs = crypto.getX509Certificates(cryptoType);
        if (certs != null && certs.length > 0) {
            crypto.verifyTrust(certs, enableRevocation, null, null);
        }
    }
    if (crypto != null) {
        this.message.getExchange().put(SecurityConstants.ENCRYPT_CRYPTO, crypto);
    }
    return crypto;
}
 
Example 3
Source File: FedizSignatureTrustValidator.java    From cxf-fediz with Apache License 2.0
/**
 * Validate a public key
 * @throws WSSecurityException
 */
protected void validatePublicKey(PublicKey publicKey, Crypto crypto)
    throws WSSecurityException {
    crypto.verifyTrust(publicKey);
}